authorNiklas Yann Wettengel <niyawe@niyawe.de>2018-01-24 03:27:03 +0100
committerNiklas Yann Wettengel <niyawe@niyawe.de>2018-01-24 03:27:03 +0100
commit99dddff8625388641b9dd84b0e87a55f5c13bc82 (patch)
treeeb57e8113d70ed94f1ef6bc6575e3c62361259b6 /roles/setup_ffrl_tunnel
parentd2270e2e5045fa1999e8712394e06c1ff27e6ab3 (diff)
ffrl uplink and fastd split
Diffstat (limited to 'roles/setup_ffrl_tunnel')
-rw-r--r--roles/setup_ffrl_tunnel/handlers/main.yml9
-rw-r--r--roles/setup_ffrl_tunnel/tasks/main.yml36
-rw-r--r--roles/setup_ffrl_tunnel/templates/bird.conf160
-rw-r--r--roles/setup_ffrl_tunnel/templates/netctl14
4 files changed, 219 insertions, 0 deletions
diff --git a/roles/setup_ffrl_tunnel/handlers/main.yml b/roles/setup_ffrl_tunnel/handlers/main.yml
new file mode 100644
index 0000000..df37d30
--- /dev/null
+++ b/roles/setup_ffrl_tunnel/handlers/main.yml
@@ -0,0 +1,9 @@
+---
+- name: reenable netctl
+ command: netctl reenable {{ item.name }}
+ with_items: "{{ ffrl_peers }}"
+
+- name: reload bird
+ systemd:
+ name: bird.service
+ state: reloaded
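Review bot: The `reenable netctl` handler loops over every entry of `ffrl_peers`, so a change to one peer's profile restarts all of them (`netctl reenable` disables and re-enables the profile, which brings the GRE interface down and up), flapping every BGP session that rides those tunnels rather than just the one whose config changed. Consider registering the template task's result and restarting only the changed profiles, e.g. `loop: "{{ netctl_profiles.results | selectattr('changed') | map(attribute='item') | list }}"` in place of `with_items: "{{ ffrl_peers }}"`, with the task in tasks/main.yml registering `netctl_profiles`. If a full restart of all peers on any change is the intended behaviour, a one-line comment above the handler saying so would stop the next reader from "fixing" it.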
diff --git a/roles/setup_ffrl_tunnel/tasks/main.yml b/roles/setup_ffrl_tunnel/tasks/main.yml
new file mode 100644
index 0000000..e22787f
--- /dev/null
+++ b/roles/setup_ffrl_tunnel/tasks/main.yml
@@ -0,0 +1,36 @@
+---
+- name: create netctl config
+ template:
+ src: netctl
+ dest: /etc/netctl/{{ item.name }}
+ with_items: "{{ ffrl_peers }}"
+ notify: reenable netctl
+
+- name: enable netctl config
+ command: netctl enable {{ item.name }}
+ args:
+ creates: /etc/systemd/system/netctl@{{ item.name }}.service
+ with_items: "{{ ffrl_peers }}"
+
+- name: start netctl config
+ systemd:
+ name: netctl@{{ item.name }}.service
+ state: started
+ with_items: "{{ ffrl_peers }}"
+
+- name: install bird
+ pacman:
+ name: bird
+ state: present
+
+- name: create bird config
+ template:
+ src: bird.conf
+ dest: /etc/bird.conf
+ notify: reload bird
+
+- name: start and enable bird
+ systemd:
+ name: bird.service
+ state: started
+ enabled: yes
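Review bot: The `create bird config` template task has no `validate:`, so a template error (an empty `ffrl_ip4`, a peer missing `peer_ip6`) is written straight to `/etc/bird.conf` and the `reload bird` handler then hands the daemon a broken config, which can take down the uplink; add `validate: /usr/bin/bird -p -c %s` so the rendered file is parsed before it replaces the live one. Neither template task sets `owner`/`group`/`mode`, leaving the files to the controller's umask; the profiles and bird.conf hold no secrets as written here, but `mode: "0644"` on both makes the result deterministic. `enabled: yes` on the last task is a YAML 1.1 boolean; write `enabled: true`.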
diff --git a/roles/setup_ffrl_tunnel/templates/bird.conf b/roles/setup_ffrl_tunnel/templates/bird.conf
new file mode 100644
index 0000000..df242a6
--- /dev/null
+++ b/roles/setup_ffrl_tunnel/templates/bird.conf
@@ -0,0 +1,160 @@
+timeformat protocol iso long;
+
+log "bird.log" all;
+# debug protocols all;
+
+define ffrl_nat_address = {{ ffrl_ip4 }};
+
+define ffmyk_as = 65032; # private AS of ffmyk
+define ffrl_as = 201701; # public AS of rheinland
+
+router id ffrl_nat_address;
+
+ipv4 table ffrl4;
+ipv6 table ffrl6;
+
+function is_default4() {
+ return net ~ [
+ 0.0.0.0/0
+ ];
+}
+
+function is_default6() {
+ return net ~ [
+ ::/0
+ ];
+}
+
+function is_ffrl_nat4() {
+ return net ~ [
+ {{ ffrl_ip4 }}/32
+ ];
+}
+
+function is_ffrl_public_nets6() {
+ return net ~ [
+ 2a03:2260:1016::/48{48,56}
+ ];
+}
+
+function is_ffrl_tunnel_nets4() {
+ return net ~ [
+ 100.64.0.0/10
+ ];
+}
+
+function is_ffrl_tunnel_nets6() {
+ return net ~ [
+ 2a03:2260:0::/48
+ ];
+}
+
+# BGP Import Filter für Rheinland
+filter ebgp_ffrl_import_filter4 {
+ if is_default4() then accept;
+ reject;
+}
+
+# BGP Export Filter für Rheinland
+filter ebgp_ffrl_export_filter4 {
+ if is_ffrl_nat4() then accept;
+ reject;
+}
+
+filter ebgp_ffrl_import_filter6 {
+ if is_default6() then accept;
+ reject;
+}
+
+filter ebgp_ffrl_export_filter6 {
+ if is_ffrl_public_nets6() then accept;
+ reject;
+}
+
+protocol device {
+ scan time 10;
+}
+
+# IP-NAT-Adresse legen wir in die interne BIRD Routing Table
+protocol static ffrl_uplink_hostroute4 {
+ ipv4 { table ffrl4; };
+ route {{ ffrl_ip4 }}/32 reject;
+}
+
+protocol static ffrl_public_routes6 {
+ ipv6 { table ffrl6; };
+ route 2a03:2260:1016::/48 reject;
+}
+
+# Wir legen die Transfernetze in die interne BIRD Routing Table
+#protocol direct {
+# ipv4;
+# table ffrl4;
+# interface {% for peer in ffrl_peers %}"{{ peer.name }}", {% endfor %};
+# import where is_ffrl_tunnel_nets4();
+#}
+
+# Wir exportieren über Rheinland gelernte Routen in die Kernel Table 47 (ffrl)
+protocol kernel kernel_ffrl4 {
+ scan time 30;
+ ipv4 {
+ import none;
+ export filter {
+ krt_prefsrc = ffrl_nat_address;
+ accept;
+ };
+ table ffrl4;
+ };
+ kernel table 42;
+};
+
+protocol kernel kernel_ffrl6 {
+ scan time 30;
+ ipv6 {
+ import none;
+ export filter {
+ if is_default6() then accept;
+ reject;
+ };
+ table ffrl6;
+ };
+ kernel table 42;
+};
+
+# BGP Template für Rheinland Peerings
+template bgp ffrl_uplink4 {
+ local as ffmyk_as;
+ ipv4 {
+ table ffrl4;
+ import keep filtered;
+ import filter ebgp_ffrl_import_filter4;
+ export filter ebgp_ffrl_export_filter4;
+ next hop self;
+ };
+ direct;
+};
+
+template bgp ffrl_uplink6 {
+ local as ffmyk_as;
+ ipv6 {
+ table ffrl6;
+ import keep filtered;
+ import filter ebgp_ffrl_import_filter6;
+ export filter ebgp_ffrl_export_filter6;
+ next hop self;
+ };
+ direct;
+};
+
+{% for peer in ffrl_peers %}
+protocol bgp ffrl_{{ peer.name }}4 from ffrl_uplink4 {
+ source address {{ peer.ip4 }};
+ neighbor {{ peer.peer_ip4 }} as 201701;
+};
+
+protocol bgp ffrl_{{ peer.name }}6 from ffrl_uplink6 {
+ source address {{ peer.ip6 }};
+ neighbor {{ peer.peer_ip6 }} as 201701;
+}
+
+{% endfor %}
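Review bot: The two per-peer protocols hard-code `neighbor {{ peer.peer_ip4 }} as 201701;` and `neighbor {{ peer.peer_ip6 }} as 201701;` even though `define ffrl_as = 201701;` exists at the top of the file for exactly this and is otherwise unused; use `as ffrl_as;` in both so the upstream AS lives in one place. The comment above `kernel_ffrl4` speaks of "Kernel Table 47 (ffrl)" while both kernel protocols say `kernel table 42;` — nothing else in this diff references the table number, so I cannot tell which is intended, but the comment and the code should agree before a policy-routing rule is written against it. `log "bird.log" all;` is a relative path, resolved against the daemon's working directory, so the log presumably lands somewhere unintended; use an absolute path such as `/var/log/bird.log`. Since these sessions run over plain GRE with no session authentication, the import filters (default route only) are the main guard; if the upstream supports GTSM, `ttl security on;` in the two templates would also reject BGP packets not originating on the directly connected tunnel peer — confirm with the upstream before enabling it.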
diff --git a/roles/setup_ffrl_tunnel/templates/netctl b/roles/setup_ffrl_tunnel/templates/netctl
new file mode 100644
index 0000000..98e8af4
--- /dev/null
+++ b/roles/setup_ffrl_tunnel/templates/netctl
@@ -0,0 +1,14 @@
+Connection=tunnel
+Interface={{ item.name }}
+
+Mode=gre
+Local={{ ansible_default_ipv4.address }}
+Remote={{ item.remote }}
+
+ExecUpPost="/usr/bin/ip link set dev {{ item.name }} mtu 1400; /usr/bin/ip tunnel change {{ item.name }} ttl 64"
+
+IP=static
+Address=('{{ item.ip4 }}/31' '{{ ffrl_ip4 }}/32')
+
+IP6=static
+Address6=('{{ item.ip6 }}/64')
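Review bot: `Local={{ ansible_default_ipv4.address }}` binds every GRE endpoint to whatever address Ansible discovered as the default-route source, which is not necessarily the address registered with the upstream for this tunnel; on a host with several public addresses, or behind NAT, the tunnel comes up from the wrong source or never comes up. Make the endpoint explicit with a fallback, e.g. `Local={{ ffrl_local_ip4 | default(ansible_default_ipv4.address) }}`, so the registered address can be pinned per host. `Address=` also puts `{{ ffrl_ip4 }}/32` on every peer interface rather than once on a loopback/dummy; Linux accepts the duplicate, but the address then comes and goes with each tunnel's state, and a comment stating that this is deliberate (presumably for `krt_prefsrc` in bird.conf) would help. Note that plain GRE has no authentication — the tunnel trusts only the outer source address — so the safety of the BGP session rests on the filters in bird.conf.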